Mustafa TURAN, 20 yıldan uzun süredir Bilgi Teknolojileri alanında çalışmaktadır. Evli ve iki çocuk babasıdır. İlk, orta ve lise öğrenimini Kocaeli’de tamamlamış, üniversite öğrenimini Akdeniz Üniversitesi Elektronik bölümünde, yüksek lisans öğrenimini de Bahçeşehir Üniversitesi, Siber Güvenlik bölümünde tamamlamıştır. Ayrıca dünyada cereyan eden olaylara karşı merakını telkin etmek ve daha iyi anlamak için Uluslararası İlişkiler bölümü ile ikinci üniversite mezuniyetini gerçekleştirmiştir.
Mustafa, kendisini sevdiği konuda çalışan dünyadaki şanslı azınlık insan grubunda görmektedir, bu sebeple ilgilendiği konuda yeni şeyler öğrenmek heyecanını canlı tutmasına ve amatör ruhunu korumasına yardımcı olmaktadır. Bu sayede çalışam hayatına devam ederken, evli ve iki çocuk babası iken aynı zamanda Siber Güvenlik üzerine Yüksek Lisans yapabilmiştir. Bu süreçte kendisine destek olan iş arkadaşları ve ailesine müteşekkirdir. Onların desteği ve inancı sayesinde birçok zorluğu aşmıştır.
Türkiye’nin alanında öncü ve büyük kurumlarında çalışmış olan Mustafa, şu anda büyük bir finans kuruluşunda Bilgi Riski Yönetimi Başkanlığı altında iş hayatına devam etmektedir.
LinkedIn Profili : https://www.linkedin.com/in/mustafaturan7/
Twitter : https://twitter.com/mturan77
Author, MSc. Cyber Security, ISO 27001 LA, ISO 22301 LA, ITIL-F
Istanbul / TURKEY
AKBANK T.A.S İstanbul, TURKEY
Information Risk Management Office (IRMO), Information Risk Sr. Specialist (09/2017-…………)
- Assisting in finding pragmatic, cost effective solutions to identified security and risk issues
- Working closely to align security and risk advice with other divisions within the bank, such as Security Architecture
- Engaging in end-to-end risk remediation planning, resolution and monitoring activities, including Technology Continuity Management planning and testing activities
- Developing and implementing IT security and risk management frameworks and policies
- Developing and establish IT risk reporting against established enterprise risk metrics
- Assessing technical designs, project plans, and proposed initiatives against corporate security principles; and work to ensure they are addressed with minimal business impact, and that risk is identified and documented.
- Contributing to Information Security Training and Awareness activities
- Planning and assisting annual external independent audit activities
- Assessing and reviewing business contracts according to the information security and risk controls
- Providing and supporting BIAs activities for Akbank and its affiliates
BIMSA International Business, Information and Management Systems A.Ş. İstanbul, TURKEY
IT Governance, Risk and Compliance Sr. Specialist (09/2015-09/2017)
- Handled any Compliance, Regulatory Requirements, Exception Handling & Audits.
- Managed Integrated Management System in the organization that covers; ISO 27001, 22301, 20000, 31000 & PCI-DSS
- Ensured to comply with international standards as ISO and PCI-DSS on the company’s production environment.
- Assisted on Managing IT Security Compliance Assessment.
- Conducted IT Risk Management by executing appropriate measures to manage and mitigate risks
- Participated in the Data Privacy project within the company (KVKK).
- Participated from IS perspective in BCM Development and testing plans for continuing the business in case of interruption or disaster.
MetLife Emeklilik ve Hayat A.Ş. (Turkey) (Reported Line: EMEA Region-Dubai) İstanbul, TURKEY
IT Department / IT Infrastructure & Operations Supervisor (01/2012-09/2015)
- Managed of Data Center and DR Center facilities
- Protected IT Assets/Facilities with the industrial Physical and Environmental Security practices
- Managed Cisco ASA and Juniper SSG firewalls in the 3 Tier Architecture design with IPS/IDS capabilities
- Applied IT Systems & Network Hardening best practices align with the company security policy. Implement and monitor the security measures on the company
- Generated Capex & Opex Budgets for the Infrastructure Department and to ensure that they are coherent with the actuals and that the financial targets are met for the department
- Full responsibility over all IT Infrastructure, Operations & Projects and ensuring that all targets are met successfully
- Provided Monthly Report to the board on all aspects of the IT Infrastructure Department
- Conducted IT Security, Compliance and Audits (MITC, PCI-DSS, Deloitte, Internal IT Audits, etc.)
- Collaborated and involve on Home Office and Regional based ‘international IT projects
- Ensured Business Continuity and Disaster Recovery plans and solutions are in place and kept up-to-date
- Conducted annual BCP and DR tests
- Experienced in designing, implementing, managing and monitoring local or wide area technology environments.
IT Department / Senior System and Network Engineer (02/2012-01/2014)
- Kept the systems and network uptime not below then 99%
- Participated in the development of policies, procedures
- Managed licenses for all operating system related software and end-user tools/applications
- Prepared detailed network diagrams, documentations, records and keep them updated. Reports as needed
- Performed to closing security gaps on the systems via Qualys Scan Reports, McAfee, Compliance requirements etc.
- Managed 3 Tier Network architecture and create secure services via it
- Managed firewalls (Cisco ASA, Juniper SSG) and practicing access-control with the least-privilege principle
- Monitored and fed data to the IT Risk & Security Dashboard
- Conducted continuous vulnerability & patch management, monitoring and reporting
- Planed, coordinated, and implemented network security measures in order to protect data, software, and hardware.
- Prepared and followed Infrastructure budget and review it monthly
- Initiated Vendor Assessment process and follow-up findings
Colgate Palmolive – Baser Kimya İstanbul, TURKEY
IT Department / IT Supervisor (03/2006-02/2011)
- Managed wide migration of MS Exchange from 5.5 to 2003, and MS Windows NT 4.0 to 2003 R2.
- Implemented security and protection tools e.g. (Checkpoint FW, TrendMicro SMTP GW & Endpoint Antivirus)
- System and network hardenings implemented with Group Policy and Cisco IOS best practices.
- Conducted Vulnerability and Patch Management activities.
- Created and performed disaster recovery practices and guidelines of critical platforms
- Built and cemented relations with vendors, distributors, and clients
- Built and managed IT budget in the company
- Physical servers migrated to VMware virtualization system
IT Department / Network & IT Specialist (07/2004-03/2006)
- Oversaw servers, workstations, user support and help desk support.
- Managed and maintain Oracle and SQL Databases
- Managed and maintained backup operations.
- Implemented WAN redundancy and security practices for IT infrastructure.
- Managed and implemented TrendMicro AV solutions for different layers.(SMTP GW, ScanMail, Endpoint Protection)
- Managed IT inventory and licenses, ensure for the no-license gap in the company.
- Managed site-2-site VPN connections for remote sites via Leased Lines and MPLS
- Conducted Vulnerability and Patch Management activities.
Yapi Kredi Technology İstanbul, TURKEY
Administration of Operations Directorship / IT Change Specialist (05/2003 – 07/2004)
- Change management was conducted within the Yapi Kredi and subsidiaries of all IT-based change, planning, organization and deployment processes.
- Performed risk assessment for IT change requests.
- Set up and managed weekly Change Advisory Board (CAB) meetings
- Participated and documented Change Reviews and proactively manage any assigned actions
- Ensured that Change Freeze Periods are applied and followed-up.
- Deployments were made by related tools e.g. (MS SMS, Rational Rose, Telnet and Unix Scripts, etc.)
- Yapi Kredi Bank, Yatirim, Teleweb, Teletel and YK Bankacilik Üssü IT environment were in the change scope
IT System Support Specialist (10/1998 – 05/2003)
- Created ISO 9001 documents for computer systems.
- Supported the network consisting of desktops and servers.
- Performed hardware and software maintenance and installation tasks.
- Performed hardware maintenance and installation tasks in Yapi Kredi datacenter for servers.
- Involved the IT End User and Data Center projects.
- Ensured all incident tickets must be delivered in SLAs and OLAs time period.
- Acts as a team member and help to create high performance team in the IT organization.
Magic Life Hotels Antalya, TURKEY
IT System Support Engineer (01/1997 – 01/1998)
- Planned and built network for different branches
- Applied installation of Windows and Novell server and clients.
- Oversaw and supported servers, workstations, user trainings and support, including Novell problems.
- Managed and maintained backup operations.
2016–2018 (3.73/4) Bahcesehir University, Cyber Security (English) (M.Sc.) Istanbul, TURKEY
2011–2014 (3.03/4) Anadolu University, Int. Relations and Affairs (B.Sc.) Eskisehir, TURKEY
1994–1996 (7/10) Akdeniz University, Industrial Electronics (Collage) Antalya, TURKEY
CompTIA A+ / Komdatasoft
MCSE 2003 / Network Academy
Linux Security Essentials / Gelecek
CCNA / BT Egitim
VMware vSphere: Inst, Conf, MngV4.1/B.Adam
English as a Second Language/San Diego Uni/US
Positive Feedback / MetLife Turkey
Project Management / Istanbul Institute
Effective Recruitment Techniques / MetLife
PCI DSS Internal Security Assessor / BKM
PPM – Project and Portfolio Management / MetLife
CISSP / InfoSec
Process Development / Software AG
COBIT 5 Foundation / Career Academy
ITIL v.3 / 2011 Foundation / Bir618
ISO 27001 – Lead Auditor / TBD
ISO 22301 – Lead Auditor / TTM & VeriCert
The 7 Habits of Highly Effective People- FCovey
Effective Communication Techniques – RNA
Management of Risk-Knowledge Academy-London
LANGUAGE English (Good) (Studied English as a Second Language program in United States / San Diego University)
Information Risk Management Program Implementation
ISO 20000 Service Management System Implementation and Certification
PCI-DSS Corporate Implementation
Merging Four Management Systems Under One Integrated Management System (ISO 27001, ISO 22301, ISO 31000 and ISO 20000 Management Systems)
Information Security Awareness Content Preparation and Act in Video
Security Awareness Questionnaire Prep. 100+ Questions
Third-Party and Vendor Security Requirements Lists
Vendor on-site Security and Risk Assessment
Preparing Corporate Information Security Policies
Annual Risk Assessment Plan
Department Workload and Capacity Plan
Personal Data Protection Law Implementation Project Member
Preparing Annual Information Security Trainings
Blockchain Projects Member for Information Risk and Security
Publishing a Book about Personal Data Protection Law in Turkey
(Book name : Ceza Almadan Tedbir Al)
Invited to the EU’s NIS Directive (Directive on security of network and information systems) Compliance Working Group by BTK.gov.tr
LECTURES of CYBER SECURITY MASTER of SCIENCE
Network Security and Cryptography
Cyber Security Law